Quitanza

Example: agent pays agent

The canonical flow, end to end: a principal grants a mandate, a buyer agent escrows under it, the provider delivers with a client-side signature, deterministic verification passes, and the matter closes in a quitanza that verifies offline. Runnable in one command; the example starts a local API in-process.

From a checkout of the Quitanza repository:

pnpm install
pnpm exec tsx examples/agent-pays-agent.ts

What it shows

  1. A mandate: the principal signs spending caps for the buyer's key. The buyer can only escrow within them, and the mandate's hash lands on the final proof.
  2. An escrow against exact terms: the acceptance checks include the hash of the agreed deliverable, so verification is byte-exact.
  3. A client-signed delivery: the provider signs with its own Ed25519 key via AgentSigner; no private key ever reaches the API.
  4. The quitanza: verified against the API, then again offline with verifyQuitanza, no API involved.
  5. Replay: the full event history from GET /v1/escrows/{id}/events, derived from the hash-chained trail.

The shape of it

const mandate = await qz.mandates.register(principal.signMandate({ ... }));
const escrow = await qz.escrows.create({ ..., mandateId: mandate.id });
await qz.escrows.fund(escrow.id, { idempotencyKey: `fund-${escrow.id}` });
const { verdict, quitanza } = await qz.escrows.submitSignedDelivery(
  escrow.id,
  provider.signDelivery(escrow.id, payload)
);
verifyQuitanza(quitanza); // true, offline

Every step is signed, every step is on the trail, and the proof at the end binds them all. See also the x402 client example and the dispute walkthrough.

This page as markdown